Really can’t comment on the Scott situation because we don’t know exactly what he was running, we only know what he told us.

A while ago I had a blog which for some unknown reason started firing hundreds of notification emails at once. I couldn’t find any cause so I had to disable all email notifications. It seemed like a bug from one plugin I used on it. And that’s the core of my argument.

Wordpress sites are highly targeted as it is the most used platform on the web. So an attack wouldn’t be a surprise at all, I guess. Maybe it was really a bot or something trying to break into Scott’s sites. We can’t know for sure now, but bots can do everything, literally. If you have a form on your website, or installed a plugin, you can be vulnerable.

So first thing I do to try to avoid this is put the site behind Cloudflare. This way, they absorb part, or most, of the traffic in case of spikes. Second thing is always updating plugins, and third, not using pirated themes or plugins as they may contain backdoors.

These are just general tips. As Cloudways (and Vultr, and DO, and Linode, etc) only provide you with the servers, they won’t always back you up when problems such as this arise.

As we read through the community to understand how everything works, an observation : Maybe Cloudways can set up an alert system that will text us in case of limit exceeds. (Keep default limits on bandwidth and any additional must have customer approval)? Also, a tiny algorithm to check any out of the ordinary spike? The 1st alert will not shut down anything but a 2nd alert might need an action like customer approval to keep server running? (Let customer decide on these limits as his pocket guides? ) . Just a tiny pointer to solve this issue as upload to crash or cause financial damage is a real possibility here!

This is disappointing to read. I’m a new Cloudways customer, so I’ll have to keep a close eye on my bill and usage. My scenario is the same as yours with a few low traffic WordPress sites hosted on Cloudways.